Introduction to junos software

8/13/2019 Introduction to junos software

1/230

1194 North Mathilda Avenue

Sunnyvale, CA 94089USA

408-745-2000

www.juniper.net

Introduction to JUNOS Software9.b

Student Guide

Course Number: EDU-JUN-IJS


2/230

Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other

countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the

property of their respective owners.

Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.

YEAR 2000 NOTICE

Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The JUNOS Software has no

known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

SOFTWARE LICENSE

The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an

agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and

agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper

Networks software, may contain prohibitions against cer tain uses, and may state conditions under which the license is automatically terminated. You should

consult the software license for further details.

Introduction to JUNOS Software Student Guide, Revision 9.b

Copyright 2009, Juniper Networks, Inc.

All rights reserved. Printed in USA.

Revision History:

Revision 9.aJuly 2009

Revision 9.bOctober 2009

The information in this document is current as of the date listed above.

The information in this document has been carefully verified and is believed to be accurate for software Release 9.6R1.13. Juniper Networks assumes no

responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental

or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.


3/230

Contents iii

ContentsChapter 1: Course Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-1Chapter 2: JUNOS Software Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-1

JUNOS Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3

Traffic Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10

Platforms Running JUNOS Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14

Chapter 3: User Interface Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1User Interface Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3

The JUNOS Software CLI: CLI Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5

The JUNOS Software CLI: Operational Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

The JUNOS Software CLI: Configuration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

The J-Web GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

Lab 1: User Interface Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

Chapter 4: Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1Factory-Default Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7

Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

Lab 2: Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

Chapter 5: Secondary System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-1User Configuration and Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-3

System Logging and Tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15

Network Time Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27

Archiving Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33

Lab 3: Secondary System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-40

Chapter 6: Operational Monitoring and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1Monitoring Platform and Interface Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-3

Network Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11

Maintaining JUNOS Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16

Password Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23

Lab 4: Operational Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28


4/230

iv Contents

Appendix A: Interface Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-1Review of Interface Configuration Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-3

Interface Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-7

Using Configuration Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12

Appendix B: Acronym List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-1Appendix C: Answer Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1


5/230

. Course Overview v

Course OverviewThis course provides students with the foundational knowledge required to work with JUNOS

Software and to configure JUNOS devices. This one-day course provides a brief overview of the

JUNOS device families and discusses the key architectural components of the software.

Additional key topics include user interface options with a heavy focus on the command-line

interface (CLI), configuration tasks typically associated with the initial setup of devices,

interface configuration basics with configuration examples, secondary system configuration,

and the basics of operational monitoring and maintenance of JUNOS devices.

Through demonstrations and hands-on labs, you will gain experience in configuring and

monitoring the JUNOS Software and monitoring basic device operations.

ObjectivesAfter successfully completing this course, you should be able to:

Describe the basic design architecture of JUNOS Software.

Identify and provide a brief overview of JUNOS devices.

Navigate within the JUNOS Software CLI.

Perform tasks within the CLI operational and configuration modes.

Restore a JUNOS device to its factory-default state.

Perform initial configuration tasks.

Configure and monitor network interfaces.

Describe user configuration and authentication options.

Perform secondary configuration tasks for features and services such as system

logging (syslog) and tracing, Network Time Protocol (NTP), configuration archival,

and SNMP.

Monitor basic operation for JUNOS Software and devices. Identify and use network utilities.

Upgrade the JUNOS Software.

Perform file system maintenance and password recovery on a JUNOS device.

Intended AudienceThis course benefits individuals responsible for configuring and monitoring devices running

JUNOS Software.

Course LevelThe Introduction to JUNOS Software course is a one-day introductory course.

PrerequisitesStudents should have basic networking knowledge and an understanding of the OSI model and

the TCP/IP protocol suite.


6/230


7/230

Document Conventions vii

Document ConventionsCLI and GUI Text

Frequently throughout this course, we refer to text that appears in a command-line interface

(CLI) or a graphical user interface (GUI). To make the language of these documents easier to

read, we distinguish GUI and CLI text from chapter text according to the following table.

Input Text Versus Output TextYou will also frequently see cases where you must enter input text yourself. Often this will be

shown in the context of where you must enter it. We use bold style to distinguish text that is

input versus text that is simply displayed.

Style Description Usage Example

Franklin

Gothic

Normal text. Most of what you read in the Lab

Guide and Student Guide.

Cour i erNew

Console text:

Screen captures

Noncommand-related

syntax

GUI text elements:

Menu names

Text field entry

commi t compl et e

Exi t i ng conf i gur at i onmode

SelectFi l e > Open

, and then

click Conf i gur at i on. confinthe Fi l enametext box.


Nor mal CLI

Nor mal GUI

No distinguishing variant. Physi cal i nt er f ace: f xp0,Enabl ed

View configuration history by

clicking Conf i gur at i on >Hi story.

CLI Input

GUI Input

Text that you must enter. l ab@San_J ose> show route

Select Fi l e > Save, and enterconfig.iniin the Fi l enamefield.


8/230

viii Document Conventions

Defined and Undefined Syntax VariablesFinally, this course distinguishes between regular text and syntax variables, and it also

distinguishes between syntax variables where the value is already assigned (defined variables)

and syntax variables where you must assign the value (undefined variables). Note that these

styles can be combined with the input style as well.


CLI

Variable

GUI

variable

Text where variable value is already

assigned.

pol i cy my-peers

Click on my-peersin the dialog.

CLI

Undefined

GUI

Undefined

Text where the variables value is

the users discretion and text where

the variables value as shown in the

lab guide might differ from the

value the user must input.

Type set policy

policy-name.

ping 10.0.1.1

Select Fi l e > Save, and enter

filenamein the Fi l enamefield.


9/230

Additional Information ix

Additional InformationEducation Services Offerings

You can obtain information on the latest Education Services offerings, course dates, and class

locations from the World Wide Web by pointing your Web browser to:

http://www.juniper.net/training/education/.

About This PublicationThe Introduction to JUNOS SoftwareStudent Guidewas developed and tested using software

Release 9.6R1.13. Previous and later versions of software might behave differently so you

should always consult the documentation and release notes for the version of code you are

running before reporting errors.

This document is written and maintained by the Juniper Networks Education Services

development team. Please send questions and suggestions for improvement to

[email protected].

Technical PublicationsYou can print technical manuals and release notes directly from the Internet in a variety of

formats:

Go to http://www.juniper.net/techpubs/.

Locate the specific software or hardware release and title you need, and choose

the format in which you want to view or print the document.

Documentation sets and CDs are available through your local Juniper Networks sales office or

account representative.

Juniper Networks SupportFor technical support, contact Juniper Networks at http://www.juniper.net/customers/

support/, or at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside theUnited States).


10/230

x Additional Information


11/230

Introduction to JUNOS SoftwareChapter : Course Introduction


12/230

Introduction to JUNOS Software

Chapter 12 Course Introduction

This Chapter Discusses: Objectives and course content information;

Additional Juniper Networks, Inc. courses; and

Juniper Networks Technical Certification Program (JNTCP).


13/230


Course Introduction Chapter 13

IntroductionsThis slide asks several questions for you to answer during class introductions.


14/230



Course ContentsThis slide lists the topics we discuss in this course.


15/230



PrerequisitesThis slide lists the prerequisites for this course.


16/230



General Course AdministrationThis slide documents general aspects of classroom administration.


17/230



Training and Study MaterialsThis slide describes Education Services materials that are available for reference both

in the classroom and online.


18/230



Additional ResourcesThis slide describes additional resources available to assist you in the installation,

configuration, and operation of Juniper Networks products.


19/230



Satisfaction FeedbackJuniper Networks uses an electronic survey system to collect and analyze your

comments and feedback. Depending on the class you are taking, please complete the

survey at the end of the class, or be sure to look for an e-mail about two weeks fromclass completion that directs you to complete an online survey form. (Be sure to

provide us with your current e-mail address.)

Submitting your feedback entitles you to a certificate of class completion. We thank

you in advance for taking the time to help us improve our educational offerings.


20/230



Juniper Networks Education Services CurriculumJuniper Networks Education Services can help ensure that you have the knowledge

and skills to deploy and maintain cost-effective, high-performance networks for both

enterprise and service provider environments. We have expert training staff with deeptechnical and industry knowledge, providing you with instructor-led hands-on courses

as well as convenient, self-paced eLearning courses.

You can access the latest Education Services offerings covering a wide range of

platforms at http://www.juniper.net/us/en/training/technical_education/.


21/230



JNTCPThe Juniper Networks Technical Certification Program (JNTCP) consists of

platform-specific, multitiered tracks that enable participants to demonstrate, through

a combination of written proficiency exams and hands-on configuration andtroubleshooting exams, competence with Juniper Networks technology. Successful

candidates demonstrate thorough understanding of Internet and security

technologies and Juniper Networks platform configuration and troubleshooting skills.

You can learn more information about the JNTCP at

http://www.juniper.net/training/certification/.


22/230



Certification LevelsEach JNTCP track has one to four certification levels. Associate-level and

Specialist-level exams are computer-based exams composed of multiple choice

questions. These computer-based exams are administered at Prometric testingcenters worldwide and have no prerequisite certification requirements.

Professional-level and Expert-level exams are composed of hands-on lab exercises

that are administered at select Juniper Networks testing centers. Professional-level

and Expert-level exams require that you first obtain the next lower certification in the

track. Please visit the JNTCP Web site at

http://www.juniper.net/training/certification/ for detailed exam information, exam

pricing, and exam registration.


23/230



Prepping and StudyingThis slide lists some options for those interested in prepping for Juniper Networks

certification.


24/230



Any Questions?If you have any questions or concerns about the class you are attending, we suggest

that you voice them now so that your instructor can best address your needs during

class.


25/230

Introduction to JUNOS SoftwareChapter 2: JUNOS Software Fundamentals


26/230


Chapter 22 JUNOS Software Fundamentals

This Chapter Discusses: JUNOS Software and its basic design architecture;

Traffic processing for transit and exception traffic; and

JUNOS platforms.


27/230


JUNOS Software Fundamentals Chapter 23

JUNOS SoftwareThe slide lists the topics we cover in this chapter. We discuss the highlighted topic

first.


28/230



Robust, Modular, and ScalableJUNOS Software functionality is compartmentalized into multiple software processes.

Each process handles a portion of the devices functionality. Each process runs in its

own protected memory space, ensuring that one process cannot directly interfere withanother. When a single process fails, the entire system does not necessarily fail. This

modularity also ensures that new features can be added with less likelihood of

breaking current functionality.

JUNOS Software is the trusted, secure network operating system powering the

high-performance network infrastructure offered by Juniper Networks. The JUNOS

kernel is based on the FreeBSD UNIX operating system, which is an open source

software system.


29/230



Single Software Source Code BaseAll platforms running JUNOS Software use the same source code base within their

platform-specific images. This design ensures that core features work in a consistent

manner across all platforms running JUNOS Software. Because many features andservices are configured and managed the same way, the setup tasks and ongoing

maintenance and operation within your network is simplified.


30/230



Separate Control and Forwarding PlanesAnother aspect of the JUNOS Softwares modularity is the separation of the control

plane and the forwarding or data plane. The processes that control routing and

switching protocols are cleanly separated from the processes that forward frames,packets, or both through the device running JUNOS Software. This design allows you to

tune each process for maximum performance and reliability. The separation of the

control and forwarding planes is one of the key reasons why JUNOS Software can

support many different platforms from a common code base.

The slide illustrates a basic view of the JUNOS architecture and highlights the control

and forwarding planes. The control plane, shown above the dashed line on the slide,

runs on the Routing Engine (RE). The RE is the brain of the platform; it is responsible

for performing protocol updates and system management. The RE runs various

protocol and management software processes that reside inside a protected memory

environment. The RE is based on an X86 or PowerPC architecture, depending on the

specific platform running JUNOS Software. The RE maintains the routing tables,

bridging table, and primary forwarding table and connects to the Packet ForwardingEngine (PFE) through an internal link. Although all JUNOS platforms share this

common design goal, the actual components that make up the control and forwarding

planes vary between the different JUNOS platforms. For additional details about a

specific JUNOS platform, see the technical publications at

http://www.juniper.net/techpubs/.

Continued on next page.


31/230



Separate Control and Forwarding Planes (contd.)The PFE, shown below the dashed line on the slide on the previous page, usually runs

on separate hardware and is responsible for forwarding transit traffic through the

device. In many platforms running JUNOS Software, the PFE uses application-specific

integrated circuits (ASICs) for increased performance. Because this architecture

separates control operationssuch as protocol updates and system management

from forwarding operations, platforms running JUNOS Software can deliver superior

performance and highly reliable deterministic operation.

The PFE receives the forwarding table (FT) from the RE by means of an internal link. FT

updates are a high priority for the JUNOS Software kernel and are performed

incrementally.

Because the RE provides the intelligenceside of the equation, the PFE can simply

perform as it is instructedthat is, it forwards frames, packets, or both with a high

degree of stability and deterministic performance. This architectural design also

makes possible the incorporation of high-availability features like graceful Routing

Engine switchover (GRES), nonstop active routing (NSR), and in-service software

upgrades (ISSUs).


32/230



Maintains Routing Engine IntelligenceThe RE handles all protocol processes in addition to other software processes that

control the devices interfaces, the chassis components, system management, and

user access to the device. These software processes run on top of the JUNOS kernel,which interacts with the PFE. The software directs all protocol traffic from the network

to the RE for the required processing.

Controls and Monitors ChassisThe RE provides the CLI in addition to the J-Web GUI. These user interfaces run on top

of the JUNOS kernel and provide user access and control of the device. We discuss

user interfaces in a subsequent chapter in this course.

Manages Packet Forwarding EngineThe RE controls the PFE by providing accurate, up-to-date Layer 2 and Layer 3forwarding tables and by downloading microcode and managing software processes

that reside in the PFEs microcode. The RE receives hardware and environmental

status messages from the PFE and acts upon them as appropriate.


33/230



Forwards TrafficThe PFE is the central processing component of the forwarding plane. The PFE

systematically forwards traffic based on its local copy of the forwarding table. The

PFEs forwarding table is a synchronized copy of the information created on andprovided by the RE. Storing and using a local copy of the forwarding table allows the

PFE to forward traffic more efficiently and eliminates the need to consult the RE each

time a packet needs to be processed. Using this local copy of the forwarding table also

allows platforms running JUNOS Software to continue forwarding traffic during control

plane instabilities.

Implements ServicesIn addition to forwarding traffic, the PFE also implements a number of advanced

services. Some examples of advanced services implemented through the PFE include

policers that provide rate limiting, stateless firewall filters, and class of service (CoS).

Other services are available through special interface cards that you can add to the

PFE complex. We cover interfaces in a subsequent chapter.


34/230



Traffic ProcessingThe slide highlights the topic we discuss next.


35/230



Transit TrafficTransit traffic consists of all traffic that enters an ingress network port, is compared

against the forwarding table entries, and is finally forwarded out an egress network

port toward its destination.A forwarding table entry for a destination must exist, for a device running JUNOS

Software to successfully forward transit traffic to that destination. Transit traffic only

passes through the forwarding plane and is never sent to or processed by the control

plane. By processing transit traffic through the forwarding plane, platforms running

JUNOS Software can achieve predictably high performance rates.

Transit traffic can be both unicast and multicast traffic. Unicast transit traffic enters

one ingress port and is transmitted out exactly one egress port toward its destination.

Although multicast transit traffic also enters the transit device through a single ingress

port, it can be replicated and sent out multiple egress ports depending on the number

of multicast receivers and the network environment.


36/230



Exception Traffic: Part 1Unlike transit traffic, exception traffic does not pass through the local device but

rather requires some form of special handling. Examples of exception traffic include

the following: Packets addressed to the chassis, such as routing protocol updates,

Telnet sessions, pings, traceroutes, and replies to traffic sourced from

the RE;

IP packets with the IP options field (Options in the packets IP header are

rarely seen, but the PFE was purposely designed not to handle IP options;

packets with IP options must be sent to the RE for processing); and

Traffic that requires the generation of Internet Control Message Protocol

(ICMP) messages.

ICMP messages are sent to the packets source to report various error conditions and

to respond to ping requests. Examples of ICMP errors include destination unreachable

messages, which are sent when there is no entry in the forwarding table for thepacket's destination address, or time-to-live (TTL) expired messages, which are sent

when a packets TTL is decremented to zero. In most cases, the PFE process handles

the generation of ICMP messages.


37/230



Exception Traffic: Part 2JUNOS Software sends all exception traffic destined for the RE over the internal link

that connects the control and forwarding planes. JUNOS Software rate limits exception

traffic traversing the internal link to protect the RE from denial-of-service (DoS)attacks. During times of congestion, the JUNOS Software gives preference to the local

and control traffic destined for the RE. The built-in rate limiter is not configurable.


38/230



Platforms Running JUNOS SoftwareThe slide highlights the topic we discuss next.


39/230



Platforms Running JUNOS SoftwarePlatforms running JUNOS Software come in many shapes and sizes and are targeted

for a number of deployment scenarios. The platforms running JUNOS Software span

switching, routing, and security and are well suited for a variety of networkenvironments. As the heart of all these platforms, the JUNOS Software provides a

consistent end-to-end IP infrastructure in small enterprise environments and the

largest service provider networks alike. The subsequent slides introduce and provide

some details for each product family.


40/230



M Series Multiservice RoutersThe M Series multiservice routers provide up to 320 Gbps of aggregate half-duplex

throughput. You can deploy the M Series family can be deployed in both high-end

enterprise and service-provider environments. Large enterprises deploy M Seriesrouters in a number of different roles, including Internet gateway router, WAN

connectivity router, campus core router, and regional backbone and data center

routers. In service-provider environments, the M Series router operates predominantly

as a multiservice edge router, but you can also deploy it in small and medium cores,

and in peering, route reflector, multicast, mobile, and data-center applications.

For additional, in-depth details on the M Series multiservice routers, go to

http://www.juniper.net/products_and_services/m_series_routing_portfolio/

index.html.


41/230



T Series Core RoutersThe T Series core routers provide up to 25.6 Tbps of throughput. The T Series family is

ideal for service provider environments and is deployed within the core of those

networks.For additional, in-depth details on the T Series core routers, go to

http://www.juniper.net/products_and_services/t_series_core_platforms/index.html.


42/230



J Series Services RoutersThe J Series services routers provide up to 2 Gbps of throughput. The J Series services

routers are deployed at branch and remote locations in the network to provide

all-in-one secure WAN connectivity, IP telephony, and connection to local PCs andservers through integrated Ethernet switching.

For additional, in-depth details on the J Series services routers, go to

http://www.juniper.net/products_and_services/j_series_services_routers/index.html.


43/230



MX Series Ethernet Services RoutersThe MX Series Ethernet services routers provide up to 960 Gbps of aggregate

half-duplex throughput. The MX Series family is targeted for dense dedicated access

aggregation and provider edge services in medium and large point of presence(POPs). Large enterprise environments and service providers can leverage MX Series

Ethernet services routers for a variety of network functions including Ethernet

transport, aggregation, and offering new Ethernet-based services.

For additional, in-depth details on the MX Series Ethernet services routers, go to

http://www.juniper.net/products_and_services/mx_series/index.html.


44/230



EX Series Ethernet SwitchesThe EX Series Ethernet switches provide up to 6.2 Tbps of throughput. The EX Series

switches are designed for access, aggregation, and core deployments and are well

suited for low-density to high-density enterprise and data center environments.For additional, in-depth details on the EX Series Ethernet switches, go to

http://www.juniper.net/products_and_services/ex_series/index.html.


45/230



SRX Series Services GatewaysThe SRX Series services gateways provide up to 120 Gbps of throughput. The SRX

Series family is designed to meet the network and security requirements for

consolidated data centers, managed services deployments, and aggregation ofsecurity services in both enterprise and service provider environments.

For additional, in-depth details on the SRX Series services gateways, go to

http://www.juniper.net/products_and_services/srx_series/index.html.


46/230



This Chapter Discussed: JUNOS Software and its basic design architecture;

Traffic processing for transit and exception traffic; and

JUNOS platforms.


47/230



Review Questions1.

2.

3.

4.


48/230




49/230

Introduction to JUNOS SoftwareChapter 3: User Interface Options


50/230


Chapter 32 User Interface Options

This Chapter Discusses: Common user interface options available for platforms running JUNOS

Software;

The JUNOS Software CLI and its related modes and features; and

The J-Web GUI and its tabs, key screens, and functions.


51/230


User Interface Options Chapter 33

User Interface OptionsThe slide lists the topics we cover in this chapter. We discuss the highlighted topic

first.


52/230



JUNOS Software CLIThe JUNOS Software CLI is a text-based command shell. One option for accessing the

CLI is through the out-of-band (OoB) serial console connection. The console port

settings, shown on the slide, are predefined and are not user configurable.A second option for accessing the CLI is over the network (in band) using access

protocols such as Telnet or SSH. Unlike the console connection, these access options

require configuration for a network port and the access protocol.

Many platforms running JUNOS Software also offer a dedicated management Ethernet

port. This management port provides OoB access; therefore, the software cannot

forward transit traffic through this management port. The actual name of the

dedicated management Ethernet port varies between platforms. For details on your

specific platform, refer to http://www.juniper.net/techpubs/ for the technical

publications.

J-Web InterfaceThe J-Web is a Web-based graphical user interface (GUI) that you access by using

either Hypertext Transfer Protocol (HTTP) or HTTP over Secure Sockets Layer (HTTPS).

It provides quick configuration wizards to simplify the most common configuration

tasks. For more complicated configurations, the J-Web GUI allows you to directly edit

the systems text configuration file. The J-Web GUI is installed and enabled by default

on most platforms running JUNOS Software.


53/230



The JUNOS Software CLI: CLI BasicsThe slide highlights the topic we discuss next.


54/230



Logging InJUNOS Software requires a username and a password for access. The administrator

creates user accounts and assigns permissions. All platforms running JUNOS

Software have only the root user configured by default, without any password.When configured, the console login displays the hostname of the device. When you

have not configured a hostname, as is the case with a factory-default configuration,

the software displays Amnesi acin place of the hostname:

Amnesi ac ( t t yu0)

l ogi n: root

- - - J UNOS 9. 5R1. 8 bui l t 2009- 04- 13 20: 03: 09 UTCr oot @%

The root user has complete access and control of the device. When you log in as the

root user, the software places you at the UNIX shell. You must start the CLI by typing

the clicommand. When you exit the CLI, you return to the UNIX shell. For security

reasons, ensure that you also log out of the shell by using the exitcommand.


55/230



Operational ModeIn operational mode, you use the CLI to monitor and troubleshoot the device. The

monitor,ping, show, test, and traceroutecommands let you display

information and test network connectivity for the device.

Configuration ModeIn configuration mode, you can configure all properties of JUNOS Software, including

interfaces, protocols, and user access, as well as several system hardware properties.


56/230



Need Help?The CLI provides context-sensitive help at any point in a command line. Help tells you

which options are acceptable at the current point in the command and provides a

brief description of each command or command option.To receive help at any time while in the JUNOS CLI, type a question mark (?). You do

not need to press Enter. If you type the question mark at the command-line prompt,

the CLI lists the available commands and options including user-defined variables at

the appropriate context. If you type the question mark after entering the complete

name of a command or an option, the CLI lists the available commands and options

and then redisplays the command name and options that you typed. If you type the

question mark in the middle of a command name, the CLI lists possible command

completions that match the letters you have entered so far and then redisplays the

letters that you typed.


57/230



Help on General ConceptsYou can use the helpcommand in various ways. The help topiccommand

displays usage guidelines for the statement. In the example on the slide, we receive

information on configuring an interface address.


58/230



Help with JUNOS Software ConfigurationThe help referencecommand displays summary information for the referenced

configuration statement. In the example on the slide, once again, we are seeking help

with interface addressing. Although not shown on the slide, the helpreferencecommand displays a complete list of related configuration options along with several

other details specific to the referenced command statement.

In addition to the help topicand help referencecommands, JUNOS Software

also offers the help aproposcommand. The help aproposcommand displays

the contexts (typically setcommands) that reference a specified variable. The

following is an example of the help aproposcommand:

[ edi t system ar chi val conf i gur at i on]user @host # help apropos archiveset ar chi ve- si t es

Li st of ar chi ve dest i nat i onsset archi ve- si t es passwor d

Passwor d f or l ogi n i nt o t he ar chi ve si t e

The help aproposcommand only displays contexts that are relevant to the

configuration hierarchy level at which you are currently positioned. In other words, if

you entered the sample command shown, at the [edi t ] hierarchy level you wouldsee all possible references rather than just those that are applicable to the [edi tsyst em ar chi val conf i gur at i on] hierarchy level.


59/230



Spacebar Completion for CommandsThe CLI provides a completion function. Therefore, you are not always required to type

the full command or the command option name for the CLI to recognize it.

To complete a command or option that you have partially typed, press the Spacebar. Ifthe partially typed letters begin a string that uniquely identifies a command, the CLI

displays the complete command name. Otherwise, the CLI beeps to indicate that you

have entered an ambiguous command, and it displays the possible completions.

The command completion option is on by default, but you can turn it off. To disable

command completion for an individual users session, issue the set cli

complete-on-space offcommand as follows:

user @host > set cli complete-on-space offDi sabl i ng compl ete- on- space

Tab Completion for Commands and VariablesYou can use the Tab key to complete system commands and user-defined variables.

Examples of variables include policy names, AS paths, community names, and IP

addresses. The Tab key also offers a list of possible completions if multiple,

ambiguous options exist. Command completion allows you to save time by reducing

your keystrokes, and prevents errors by accurately referencing the desired

user-defined variables.


60/230



EMACS-Style Control KeysThe CLI supports EMACS-style keyboard sequences that allow you to move the cursor

on a command line and delete specific characters or words. The following are

supported sequences: Ctrl+b: Moves the cursor left one character;

Ctrl+a: Moves the cursor to the beginning of the command line;

Ctrl+f: Moves the cursor right one character;

Ctrl+e: Moves the cursor to the end of the command line;

Deleteand Backspace: Deletes the character before the cursor;

Ctrl+d: Deletes the character over the cursor;

Ctrl+k: Deletes from the cursor to the end of the line;

Ctrl+u: Deletes all characters and negates the current command;

Ctrl+w: Deletes the entire word to the left of the cursor;

Ctrl+l: Redraws the current line; and

Ctrl+p, Ctrl+n: Repeats the previous and next command in the command

history, respectively.



61/230



VT100 Terminal TypeJUNOS Software defaults to a VT100 terminal type. This terminal type enables the use

of keyboard Arrow keys without any additional session or configuration modification.


62/230



Using PipeFor operational and configuration commands that display output, such as the show

commands, you can filter the output. When help is displayed for these commands,

one of the options listed is |, called a pipe, which allows the command output to befiltered. To filter the output of an operational mode or a configuration mode command,

add a pipe and an option to the end of the command. The following are available

options:

compare (filename| rollback n): Available in configuration

mode using only the showcommand. Compares configuration changes

with another configuration file;

count: Displays the number of lines in the output;

display changed: Available in configuration mode only. Tags changes

withj unos: changedattribute only for XML use;

display commit-scripts: Shows data after JUNOS Software

applies commit scripts;

display detail: Available in configuration mode only. Displays

additional information about the contents of the configuration;



63/230



Using Pipe (contd.) display inheritance: Available in configuration mode only.

Displays inherited configuration data and source group;

display omit: Available in configuration mode only. Omits

configuration statements with the omitoption;

display set: Available in configuration mode only. Shows set

commands that created configuration statements;

display xml: Displays the output in JUNOScript XML format;

except regular-expression: Ignores text matching a regularexpression when searching the output. If the regular expression contains

spaces, operators, or wildcard characters, you must enclose it in

quotation marks;

find regular-expression: Displays the output starting at the firstoccurrence of text matching a regular expression. If the regular

expression contains spaces, operators, or wildcard characters, you must

enclose it in quotation marks;

hold: Holds text without exiting the - ( mor e) - - prompt;

last: Displays the last screen of information;

match regular-expression: Searches for text matching a regular

expression. If the regular expression contains spaces, operators, or

wildcard characters, you must enclose it in quotation marks;

no-more: Displays output all at once rather than one screen at a time;

request message: Displays output to multiple users;

resolve: Converts IP addresses to Domain Name System (DNS)

names. Truncates to fit original size unless you specify full-names;

save filename: Saves the output to a file or URL; and

trim: Trims specified number of columns from the start line.

You can cascade multiple instances of the CLIs pipe functionality, which can be very

beneficial when you must search extensive outputs displayed through the CLI for

specific information. In a subsequent chapter, we highlight the required syntax to

evoke logical AND and logical OR searches within extensive outputs and files.


64/230



The JUNOS Software CLI: Operational ModeThe slide highlights the topic we discuss next.


65/230



Operational ModeYou use operational mode CLI commands to monitor and control the operation of a

device running JUNOS Software. The operational mode commands exist in a

hierarchical structure, as shown on the slide. For example, the showcommanddisplays various types of information about the system and its environment. One of

the possible options for the showcommand is ospf, which displays information

about the Open Shortest Path First (OSPF) protocol. Specifying the interface

option, as in the show ospf interfacecommand, outputs information on OSPF

interfaces.

The JUNOS Software also adds additional flexibility through the runcommand, which

allows you to issue operational mode commands while in configuration mode. We

cover the runcommand in detail later in this chapter.


66/230



Operational Mode CapabilitiesKey operational mode capabilities include the following:

Entering configuration mode;

Controlling the CLI environment;

Exiting the CLI;

Monitoring and troubleshooting:

clear

monitor

mtrace

ping

show

test

traceroute;

Connecting to other network systems;

Copying files;

Restarting software processes; and

Performing system-level operations.


67/230



The JUNOS Software CLI: Configuration ModeThe slide highlights the topic we discuss next.


68/230



Batch Configuration ChangesUnlike software from other vendors, configuration changes made in the JUNOS

Software do not take effect immediately. This design feature allows you to group

together and apply multiple configuration changes to the running configuration as asingle unit.

Active ConfigurationThe active configuration is the configuration currently operational on the system and

is the configuration the system loads during the boot sequence. This concept is

analogous to both the runningconfigurationandstartupconfigurationin software

from other vendors.

Candidate ConfigurationThe candidate configuration is a temporary configuration that might possibly becomethe active configuration. When you configure a device running JUNOS Software, the

software creates a candidate configuration and initially populates it with the active

configuration running on that device. You then modify the candidate configuration.

Once satisfied with your modifications, you can commit the changes. This action

causes the candidate configuration to become the active configuration.


69/230



The Life of a Configuration File: An OverviewThe configurecommand causes a candidate configuration to be created and

populated with the contents of the active configuration. You can then modify the

candidate configuration with your changes.To have a candidate configuration take effect, you must commit the changes. At this

time, JUNOS Software checks the candidate configuration for proper syntax and it

installs it as the active configuration. If the syntax is not correct, an error message

indicates the location of the error, and the software does not activate any part of the

configuration. You must correct the errors before recommitting the configuration.

You can easily recover previous configurations by using a rollback ncommand.

JUNOS Software maintains a configuration history by storing previously active

configurations. The software saves a maximum of 50 configurations. This number

includes the current active configuration, which is also known as r ol l back 0, andup to 49 previously active configurations. If you perform a rollback operation, keep in

mind that the related configuration does not become active until you issue a commit.When you issue a commitand there are 50 rollback configurations, the software

purges the last rollback configurationrollback 49.

We cover these details more thoroughly on the following pages.


70/230



Starting Configuration ModeYou enter configuration mode by issuing the configurecommand from the CLIs

operational mode. If, when you enter configuration mode, another user is also in

configuration mode, a message indicates who the user is and what portion of theconfiguration the user is viewing or editing.

In configuration mode, the prompt changes from the angle bracket (>) of operationalmode to the pound sign (#), preceded by the name of the user and the name of thedevice.

The portion of the prompt in brackets, such as [edi t ] , is a banner indicating thatyou are in configuration mode and specifying your location within the configuration

hierarchy.

Exclusive ConfigurationBy default, multiple users can enter configuration mode and commit changes. Use the

configure exclusivecommand to allow only a single user to edit the

configuration. Uncommitted changes are always discarded when you use the

configure exclusivecommand. In contrast, uncommitted changes are retained

when you use the standard configurecommand.


71/230



Private ConfigurationEntering configuration mode using the configure privatecommand allows

multiple users to edit the configuration while committing only their private changes.

(You must issue a commitcommand from the [edi t ] hierarchy.) If private usersissue a rollback 0command, the software discards only their changes.

When a user is in private mode, other users must enter private mode or use

configure exclusiveto become the master, or they cannot modify the

candidate configuration. Exiting private configuration without committing changes

results in the loss of any modifications made to the private candidate configuration.

If two users are in private mode and both make the same change (For example, User

1 changes the system hostname to appleswhile User 2 sets the hostname to

oranges), the second commitwill fail with an error message to avoid configuration

conflicts. The software places the second users changes into effect if User 2 issues a

second commitcommand.

When chassis clustering is in effect, the configure privatecommand is

automated. In some other environments, you might want to require users to only use

configure private. When creating user accounts, it is possible to limit the

commands available to users through the assigned properties. We discuss user

accounts and their assigned properties later in this course.

If a user is in configuration mode and has altered the candidate configuration, other

users cannot enter confguration mode using the exclusiveorprivateoptions.

The changes made by the first user must be committed or cancelled prior to any other

users entering configuration mode with the exclusiveorprivateoptions.


72/230



Statement HierarchyIn configuration mode, you enter commands that affect the statement hierarchy. The

statement hierarchy stores configuration information and is independent of the CLI

operational mode command hierarchy. The commands available in configurationmode are also independent of the commands available in operational mode. For

example, CLI operational mode includes a showcommand to display specific

operational information, while the CLI configuration mode provides a showcommand

to display the statement hierarchy. The two commands are independent of each other.

The software organizes the statement hierarchy in a tree structure similar to Windows

folders or UNIX directories, grouping related information into a particular branch of the

tree.


73/230



Hierarchical ConfigurationUse setcommands in the CLI configuration mode to modify the candidate

configuration. Use the showcommand to display the candidate configuration. Both

commands are relative to the current configuration hierarchy, shown by the [edi t ] prompt.

Configuration files use curly brackets ({}) and indentation to visually display thehierarchical structure of the configuration. Terminatingor leafstatements in the

configuration hierarchy are displayed with a trailing semicolon (; ). You enter neitherthe curly brackets nor the semicolons as part of the setcommand.


74/230



Moving Between Levels Is Like Changing DirectoriesTo move down through an existing configuration statement hierarchy or to create a

hierarchy and move down to that level, use the editcommand, specifying your

desired hierarchy level. After you issue an editcommand, the configuration modebanner changes to indicate your current level in the hierarchy.


75/230



Moving Up One LevelTo move up one level from the current position in the hierarchy, use the upcommand.


76/230



Moving Up More Than One LevelTo move up more than one level from the current position in the hierarchy, supply an

optional count to the upcommand. The software moves you up the specified number

of levels or to the top of the hierarchy if there are fewer levels than specified.


77/230



Take Me to the TopThe topcommand quickly moves you to the top of the configuration hierarchy. You

can combine topwith editto move quickly to a different hierarchy or with showto

display the configuration details for a different hierarchy, as in the following example:

[ edi t pr ot ocol s ospf ar ea 0. 0. 0. 0 i nt er f ace ge- 0/ 0/ 0. 0]user @host # top edit system login

[ edi t systeml ogi n]user @host # top show system servicesf tp ;ssh;


78/230



Back to Where I Was BeforeAs the example on the slide illustrates, the exitcommand returns the user to the

most recent, higher level of the hierarchy. Entering exitat the top level of the

hierarchy exits configuration mode, as follows:[edi t ]user @host # exitExi t i ng conf i gur at i on mode

user @host >

Entering exit configuration-modefrom any level of the hierarchy also allows

you to exit configuration mode, as in the following example:

[ edi t pr ot ocol s ospf ar ea 0. 0. 0. 0 i nt er f ace ge- 0/ 0/ 0. 0]user @host # exit configuration-modeExi t i ng conf i gur at i on mode

user @host >


79/230



In SummaryYou can quickly navigate between levels of the configuration hierarchy using the

edit, up, top, and exitcommands.


80/230



Adding Configuration StatementsUse setcommands in the CLI configuration mode to modify the candidate

configuration.


81/230



Removing Configuration StatementsUse the configuration mode deletecommand to remove statements that you

previously added to the configuration with a setcommand. This command deletes

the statement and all its subordinate statements and identifiers. Deleting a statementor an identifier effectively unconfigures the functionality associated with that

statement or identifier, returning that functionality to its default condition.

Consider using the wildcard deletefunction when deleting individual statements

is too arduous and deleting an entire configuration subhierarchy lacks the granularity

that you need. The following example shows sample syntax for a wildcard

delete:

[edi t ]user @host # wildcard delete interfaces ge-1/*

matched: ge- 1/ 0/ 0 matched: ge- 1/ 0/ 1Del et e 2 obj ect s? [ yes, no] ( no) yes

[edi t ]user @host #

In addition to deleting configuration statements, you should also consider the use of

the deactivatecommand to cause the specified portion of the configuration

hierarchy to be ignored while still retaining the original configuration. Issue an

activatecommand to place the configuration back into effect. We provide an

example of the deactivateand activatecommands on a subsequent page.


82/230



Pop QuizIssue a delete interface interface-namedisablecommand to delete

the di sabl estatement placed into effect with the referenced setcommand. Note

that the double negative in this syntax is correct.


83/230



Using Configuration Mode EfficientlyUsing the configuration commands shown on the slide can increase efficiency. The

following output illustrates the full list of configuration mode commands:

[edi t ]user @host # ?Possi bl e compl et i ons: Execute t hi s command act i vat e Remove t he i nact i ve t ag f r oma st atement annot at e Annot at e t he st at ement wi t h a comment commi t Commi t cur r ent set of changes copy Copy a st at ement deact i vat e Add t he i nact i ve t ag t o a st atement del ete Del et e a dat a el ement edi t Edi t a sub- el ement exi t Exi t f romt hi s l evel ext ensi on Extensi on oper at i ons hel p Pr ovi de hel p i nf or mat i on i nser t I nser t a new ordered data el ement l oad Load conf i gur at i on f r om ASCI I f i l e qui t Qui t f r om t hi s l evel



84/230



Using Configuration Mode Efficiently (contd.) r ename Rename a st at ement r epl ace Repl ace char act er st r i ng i n conf i gur at i on r ol l back Rol l back t o pr evi ous commi t t ed conf i gur at i on r un Run an oper at i onal - mode command save Save conf i gur at i on t o ASCI I f i l e

set Set a par amet er show Show a par amet er st at us Show user s cur r ent l y edi t i ng conf i gur at i on t op Exi t t o t op l evel of conf i gur at i on up Exi t one l evel of conf i gur at i on wi l dcar d Wi l dcar d oper at i ons[ edi t ]user @host #

Regardless of the method and commands you use to update your configuration file,

you must issue the commitcommand to activate changes. The following example

shows the deactivate, activate, and commitcommands and their output:

[ edi t ]user @host # deactivate interfaces ge-0/0/0

[edi t ]user @host # commitcommi t compl et e

[edi t ]user @host # show interfaces ge-0/0/0#### i nact i ve: i nt er f aces ge- 0/ 0/ 0##uni t 0 {

f ami l y i net { addr ess 10. 210. 11. 177/ 28; } f ami l y i net 6;}

[edi t ]user @host # activate interfaces ge-0/0/0

[edi t ]user @host # commitcommi t compl et e

[edi t ]user @host # show interfaces ge-0/0/0uni t 0 { f ami l y i net { addr ess 10. 210. 11. 177/ 28; } f ami l y i net 6;}


85/230



Viewing the Candidate ConfigurationUse the configuration mode showcommand to display the candidate configuration.

This command displays the configuration at the current hierarchy level or at the

specified level below the current location.The showcommand has the following syntax: show statement-path. When

displaying the configuration, the CLI indents each subordinate hierarchy level, inserts

curly brackets to indicate the beginning and end of each hierarchy level, and places a

semicolon at the end of statements that are at the lowest level of the hierarchy. The

display format is the same format you use when creating an ASCII configuration file

and it is also the same format that the CLI uses when saving a configuration to an

ASCII file.

In cases where an empty statement leads to an invalid configuration because it is

incomplete or meaningless, the showcommand does not display any of the

statement path.

You can display the individual set commands used to create the existing configuration

file using the show | display setcommand. The following is an example of this

command and its resulting output:

[edi t ]user @host # show system services | display setset syst em ser vi ces sshset syst em ser vi ces web- management ht t p por t 8080


86/230



Remember to CommitRemember, JUNOS devices do not automatically apply your configuration changes.

You must use the commitcommand to activate your candidate configuration. You

can typically perform the commit operation from any hierarchy level. The exception iswhen users enter configuration mode using the configure privateoption, which

requires the commitcommand to be issued at the top hierarchy level.

On devices with redundant routing engines, you can perform a commit

synchronize, which activates and synchronizes the configuration on both routing

engines, as shown in the following capture:

{mast er : 0}[ edi t ]user @host # commit s?Possi bl e compl et i ons: synchr oni ze Synchr oni ze commi t on bot h Rout i ng Engi nes

Alternatively, you can configure the system to automatically perform the synchronize

operation when a standard commitis issued through the set system commit

synchronizecommand.

Checking Configuration SyntaxWhen you commit a candidate configuration, the software activates the entire

configuration in its current form. Use the commit checkcommand to validate the

syntax of a candidate configuration without actually placing it into effect.



87/230



Remote Configuration Is RiskyOf course, commit checkcannot catch logical errors in your configuration. What

happens when you are configuring a device remotely and make a mistake that leaves

that device inaccessible to remote connections? You can solve this scenario by using

the commit confirmedcommand. When you issue a commit confirmed

time-outcommand, the system starts a timer, during which time it expects to see

another commit. If a second commitdoes not occur within the time-out value

specified (the software supports a range of 1 to 65,535 minutes, with 10 minutes

being the default), the system performs a rollback 1, commitsequence on your

behalf. After the automatic rollback, you can load the r ol l back 1file to look foryour mistake. We discuss the rollbackcommand and operation in detail later in

this chapter.


88/230



Scheduled CommitsYou can also schedule a commit that occurs at a specific time using the commit at

timecommand. To view and clear pending commits, use the show system

commitand clear system commitcommands:user @host > show system commitcommi t r equest ed by user vi a cl i at 2009- 05- 11 21: 00: 00 UTC0 2009- 05- 11 15: 32: 42 UTC by user vi a cl i. . .user @host > clear system commitPendi ng commi t cl ear ed

Adding a Log Entry to Your CommitYou can also add a log entry to your commit using the commit comment

comment-stringoption. As illustrated on the slide, these logs are visible in theoutput of the show system commitcommand.

Exiting Configuration ModeYou can add theand-quitoption to the commitcommand to activate your changes

and exit configuration mode in a single step.


89/230



Viewing DifferencesUsing show | comparedisplays the differences between the candidate

configuration and the active configuration, also known as r ol l back 0.

Configuration comparison is patch-like. Thus, instead of showing the entireconfiguration, the display shows only the actual changes.

Comparing Active and Rollback ConfigurationsUsing the operational mode show configuration | compare rollback

numbercommand, as shown on the slide, allows you to view differences between the

active configuration and the rollback configurations. The JUNOS Software can store up

to forty-nine additional rollback configurations in addition to r ol l back 0, which isthe active configuration.

Similarly, the show configuration | compare filenamecommand allows

you to compare the active configuration to an arbitrary file. You can also use show |

compare rollback numberand show | compare filenameinconfiguration mode to compare the candidate configuration with rollback

configurations and arbitrary files, respectively.

Viewing Differences in Other FilesThe operational mode file compare filescommand allows you to view

differences between any two text files, including log files. The output of this command

is in the same patch-like format as the show | comparecommand.


90/230



Restoring a Previous ConfigurationThe software saves the last 50 committed versions of the configuration. To overwrite

the candidate configuration with one of these previously committed versions, use the

CLI configuration rollbackcommand. By default, the system returns to the mostrecently committed configurationthe active configuration.

To return to a version prior to the configuration most recently committed, include the

version number in the rollbackcommand.

The versionargument can be a number in the range 0 through 49. The most

recently saved configuration is version 0, which is the active configuration. The oldest

committed configuration the software automatically saves is version 49.

The factory-default configuration on some of the smaller JUNOS devices restricts the

number of rollback files stored by the system. This default setting can be changed to

increase the number of rollback files as shown in the following capture:

[ edi t syst em]

user @host # set max-configurations-on-flash ?Possi bl e compl et i ons: Number of conf i gur at i on f i l es st or ed on f l ash

You Must CommitThe rollbackcommand modifies only the candidate configuration. To activate the

changes loaded through the rollback operation, issue the commitcommand.


91/230



The Life of a Configuration File: A ReviewAs discussed on the previous slides, the configurecommand causes a candidate

configuration to be created and populated with the contents of the active

configuration. You can then modify the candidate configuration with your changes.To have a candidate configuration take effect, you must commit the changes. At this

time, JUNOS Software checks the candidate configuration for proper syntax and it

installs it as the active configuration. If the syntax is not correct, an error message

indicates the location of the error, and the software does not activate any part of the

configuration. You must correct the errors before recommitting the configuration.

You can easily recover previous configurations with a rollback ncommand. JUNOS

Software maintains a configuration history by storing previously active configurations.

The software saves a maximum of 50 configurations. This number includes the

current active configuration, which is also known as r ol l back 0, and up to 49previously active configurations. If you perform a rollback operation, keep in mind that

the related configuration does not become active until you issue a commitcommand.

When you issue a commitcommand and there are 50 rollback configurations, thesoftware purges the last rollback configurationrollback 49.


92/230


93/230



Loading Configuration FilesYou can use the configuration mode loadcommand to load a complete or partial

configuration from a local file, from a file on a remote machine, or from a terminal

emulation programs capture buffer. The loadcommand supports several argumentsthat determine the specifics of the operation.

The following list provides details for some of the arguments to the loadcommand:

factory-default: Replaces the full current configuration with the

factory-default configuration.

merge: Combines the current configuration with the configuration you

load.

override: Completely overwrites the current configuration with the

configuration you load. You must perform override operations at the root

of the configuration hierarchy.

patch: Adds or deletes variables from the configuration based on the

contents of a specified patch file. The patch file used in this operation

uses the contextual diff format. The file generated from a show |

compare | saveoperation creates such a file.

replace: Looks for a replace tag in the configuration you load. The

software replaces existing statements of the same name with those in

the loaded configuration for stanzas marked with the r epl acetag.



94/230



Loading Configuration Files (contd.) set: Allows users to load setcommands from the terminal or from a

saved file that consists of setconfiguration statements.

update: Updates the existing configuration with the configuration you

load. When the updateoption is used, the JUNOS Software attempts to

notify only those processes affected by the configuration changes. Whenthe overrideoption is used, JUNOS Software makes no such attempt.

You can use theupdateoption from any hierarchy while you can use the

overrideoption only from the top level hierarchy.

terminal: Uses the text you type at the terminal as input to the

configuration. Type Ctrl+d to end terminal input. This option is usually

used in conjunction with a terminal emulation programs copy and paste

functionality to copy and paste configuration data from one system to

another.

relative: Normally, a load mergeor load replaceoperation

requires that the data you load contains a full path to the related

configuration hierarchy. The relativeoption negates this need by

telling the device to add the data you load relativeto the current

configuration hierarchy.

commitActivates Candidate ConfigurationIn all cases, after the loadoperation is complete, you must issue a committo

activate the changes made to the configuration.


95/230



runBaby runThe runcommand allows you to execute operational mode commands while in

configuration mode. It is similar to the docommand on equipment from other

vendors, but much more flexible. This extremely handy time-saver works for alloperational mode commands and the software supports it at all configuration

hierarchies. In the example on the slide, we are editing the configuration for the

devices ge-0/0/12 interface. After assigning what we hope to be the correct IP

address, we commit the change and invoke theruncommand to execute a quick ping

test.


96/230



The J-Web GUIThe slide highlights the topic we discuss next.


97/230



The J-Web User InterfaceThe J-Web makes initial deployment a snap. No client software is necessary other

than a standard Web browser. After initial configuration, you can return to J-Web for

system monitoring and maintenance.When you log in to J-Web, you always start by viewing the J-Web Dashboard. TheDashboardprovides a quick glance of system status, ports, alarms, and utilizationinformation.

The Conf i gur etab allows you to configure the system in a point-and-click fashion orby a direct edit of the configuration in text format. Help is available by clicking the

question mark (?) next to the various configuration options.

You can also view the results of configuration changes, such as routing table entries.

You can view most details related to theshowcommands of the CLI in J-Web using a

point-and-click approach.

TheTr oubl eshoot tab provides common network tools such as ping and traceroute

to quickly assess network issues. You can use the Mai nt ai ntab to easily performsoftware upgrades and file system maintenance.


98/230



Logging In to J-WebIf you want remote access using J-Web, you must enable the HTTP or HTTPS service

under the [ edi t syst em ser vi ces] hierarchy level as shown:

[ edi t syst em]user @host # show servicesssh;t el net ;web- management { http;}

If you configure HTTPS, you need to generate and install a local certificate for secure

Web management.

Once you configure a device running JUNOS Software for access, you can log in using

your Web browser. If you configured the system to use an external authentication

mechanism such as a RADIUS server, J-Web will also use that mechanism for

authentication. Otherwise, it uses the username and password configured on the local

system.


99/230



Quick VerificationJ-Webs default tab is the Dashboardtab. The Dashboardprovides a quick view ofthe systems current status along with other system-specific details.


100/230



Performing Configuration Tasks with J-WebJ-Web offers an easy-to-use interface for configuring your device running JUNOS

Software. Choose which configuration hierarchy you want to view or edit in the left

navigation menu. Information about that hierarchy appears on the main portion of thescreen. You can select various options for viewing or editing. You can add new

configuration options with the Addbutton or edit existing configuration options withthe Edi t button. These buttons and a Del et ebutton are located near the top rightof the screen.

If you prefer to manipulate your configuration with a text-based approach, choose the

CLI Tool s option at the bottom of the navigation menu.


101/230



Performance MonitoringOn the Moni t or tab, you can view detailed real-time statistics and the results ofconfiguration-related activity. As seen on the slide, the I nt er f aceshierarchy

provides statistics in a graphical fashion using colorful pie charts and graphs. Use thedrop-down menus to customize your view. Hovering the mouse pointer over various

parts of the screen presents you with more detailed information. Most of the

hierarchies on the left side of the screen are carry-overs from the Conf i gur etab.Selecting these options provides a point-and-click alternative over CLI show

commands.


102/230



System MaintenanceThe Mai nt ai ntab provides an interface to manage file systems, JUNOS Software,and configuration files. Under the Fi l es section, you can download and delete log

files, memory dump files, and other temporary files to keep your compact-flash devicefrom becoming too full. Conf i g Management allows you to retrieve historicalconfiguration files and to compare differences between configurations. Choosing

Sof t wareprovides methods for upgrading and downgrading the JUNOS Software.You can automate the upgrade process by specifying a remote FTP server to retrieve

the JUNOS Software. The system then upgrades with the retrieved software and

issues a reboot of the system to complete the upgrade process. The Li censessection provides the details on installed licenses on the system, allowing you to add

licenses. The Reboot section allows you to schedule reboots and provides otheroptions for rebooting the system. Cust omer Suppor t provides a quick method toregister your device and retrieve support information required by Juniper Networks

Technical Assistance Center (JTAC).


103/230



Troubleshooting ToolsTheTr oubl eshoot tab offers several handy utilities that can ease yourtroubleshooting efforts. You can troubleshoot individual ports, ping a remote host,

perform a traceroute, capture packet dumps, and even open an embeddedJava-based terminal session to your system.


104/230



This Chapter Discussed: Common user interface options available for platforms running JUNOS

Software;

The JUNOS Software CLI and its related modes and features; and

The J-Web GUI and its tabs, key screens, and functions.


105/230



Review Questions1.

2.

3.

4.

5.

6.


106/230



Lab 1: User Interface OptionsThe slide provides the objective for this lab.


107/230

Introduction to JUNOS SoftwareChapter 4: Initial Configuration


108/230


Chapter 42 Initial Configuration

This Chapter Discusses: The factory-default configuration for platforms running JUNOS Software;

Initial configuration tasks performed on devices running JUNOS

Software; and

Interface types and interface configuration basics.


109/230


Introduction to junos software

Documents

Transcript of Introduction to junos software